We use the SPDY network protocol extensively to improve the performance of our websites. SPDY — pronounced “speedy” — is a new-ish protocol from Google with the goal of reducing latency, improving throughput and improving pipelining. Many articles have been written about the advantages of SPDY. We have observed 20%-30% better loading time on www.phusionpassenger.com by switching from plain HTTP to SPDY, mostly because of the better pipelining that SPDY offers over plain HTTP.

SPDY is built on top of TLS. Nginx has supported SPDY through external patches for a while. Since version 1.4.0, Nginx has SPDY support builtin, with two caveats:

SPDY support must be enabled by compiling Nginx with --with-http_spdy_module.

It requires OpenSSL 1.0.1+, because SPDY requires the Next Protocol Negotiation TLS extension.

Many users prefer to use the Nginx binary provided by their distribution. But not all of the currently widely used distributions provide OpenSSL 1.0.1, and of those that do, very few of them have Nginx with SPDY enabled.

We started providing prebuilt Nginx binaries since Phusion Passenger 4.0.13 (learn more at “No more compiling Phusion Passenger”). These Nginx binaries not only have Phusion Passenger support enabled, but also SPDY support! Furthermore, we’ve spent great effort on ensuring that these binaries are compatible with a wide range of Linux distributions, whether they’re running on x86 or x86_64. Best of all: you can use these Nginx binaries without Phusion Passenger, and as a drop-in replacement for your distribution’s Nginx binary! This means:

You get to keep all the nice things that your distribution package offers, such as init scripts, conf.d directories, etc.

No compilation is necessary.

Getting started on Debian or Ubuntu

This guide is taylored for Debian and Ubuntu. The instructions may also work on other distributions, but the paths may be different, and the init script format may also be different. You can use this guide as a starting point for figuring out how to achieve the same for your specific distribution.

Install Nginx using apt:

sudo apt-get install nginx

Next, download our Nginx binary. There are multiple versions of Nginx and of Phusion Passenger. You can find all available versions at the Phusion download server, indexed by Phusion Passenger version. At the time of writing, Nginx 1.4.2 and Phusion Passenger 4.0.13 are the most recent versions:

The next steps are a little more complicated, although not difficult. The Nginx binary that we provide is compiled with the prefix /tmp. This is because Nginx requires several data directories (e.g. client_body_temp_path) to properly operate. Since our Nginx binary is designed to be portable, we can’t assume any specific directory structure, which is why we use the /tmp prefix.

Luckily, there is a way to tell the Nginx binary during runtime to a different directory structure, and that’s exactly what we’re going to do.

Testing SPDY

To test SPDY, you need an SSL certificate for your domain name. There are many cheap SSL certificate providers our there, which you can easily find through Google. Once you have an SSL certificate, create a virtual host entry:

Finally, use SPDYCheck to check your website at https://your_domain_name.com.

Distribution updates

Whenever the distribution has an update for Nginx, you must replace the Nginx binary after the distribution’s update tool has installed the update. For example, suppose that Ubuntu releases Nginx 1.4.3 tomorrow:

Next, extract the Nginx binary and overwrite the distribution’s binary:

tar xzvf nginx-*.tar.gz
sudo cp nginx /usr/sbin/

Finally, finalize the apt-get upgrade and restart Nginx:

sudo apt-get upgrade
sudo /etc/init.d/nginx restart

What about security?

Downloading random binaries from the Internet is very dangerous. If an attacker intercepts and modifies the communication channel, anything goes. To combat this problem, we’ve employed two security measures:

Reinstalling Nginx if something goes wrong

If our binary doesn’t work for some reason, then reverting to the original Nginx binary is easy:

sudo apt-get remove nginx
sudo apt-get install nginx

Conclusion

Installing Nginx with SPDY support through our prebuilt binaries is quite easy and requires just a few config file changes. We’ve love to know whether it works well for you. Please leave feedback at the comment form below. Thank you for reading.

There have been several recent announcements about changes to the Passenger installation process. SPDY support is the only reason I’ve been building my own Nginx. Is this custom binary integrated into the Passenger install process? If not, are there plans to automate it? Manual steps make me nervous. They’re exactly the things most likely to be forgotten or done wrong during an upgrade.

http://www.phusion.nl/ Hongli Lai

Currently, this custom binary is used by Phusion Passenger Standalone. Although Phusion Passenger Standalone has no builtin support for SSL or SPDY, you can edit the Phusion Passenger Standalone Nginx config template (`passenger-config –root`/resources/templates/standalone/config.erb) and put SSL/SPDY directives there.

The installer for Phusion Passenger for Nginx (passenger-install-nginx-module) does currently not use our custom binaries, although we’re working on that.

http://www.manybots.com/ Niko Roberts

Has anything changed since this blog post?

http://www.phusion.nl/ Hongli Lai

Passenger Standalone now has builtin support for SSL but not (yet) SPDY.

Hongli – wow thanks for the quick reply. I downloaded it already but thought its wrong because of the name “PassengerWebHelper” (in the tar). So how to follow the process above then? Shall I rename it to nginx and put it into /usr/sbin/ ? Or do I have to place it somewhere else?

Before, nginx was loading fine, after doing the cp PassengerWebHelper to /usr/sbin/nginx this starts happening.

My fix was to make a symlink to the nginx.conf but having that in /tmp/conf/ doesn’t seem make a lot of sense… Your instructions in this post suggest this should be in /var/lib/nginx

Also the IPv6 directive on the default nginx site config throws an error
nginx: [emerg] the INET6 sockets are not supported on this platform in “[::]:80” of the “listen” directive in /etc/nginx/sites-enabled/default:22

Hello, we are Phusion. We provide amazing products and services
for web apps written in Ruby, Python, Node.js and Meteor.

“Phusion” and “Phusion Passenger” are registered trademarks of Phusion. “Rails”, “Ruby on Rails” and the Rails logo are registered trademarks of David Heinemeier Hansson. All other trademarks are property of their respective owners.